Updates
A compilation of the latest information about viruses and worms, security issues
and patches to rectify the same.
Multiple Vulnerabilities in Mozilla Firefox
Mozilla Firefox has been reported to have multiple vulnerabilities,
which could be exploited to conduct cross-site scripting attacks
and potentially compromise a user's system. There are various
errors in the layout and JavaScript engine that can be exploited
to cause memory corruption and some may potentially allow execution
of arbitrary code.
A boundary error occurs when setting the cursor to a Windows bitmap using
the CSS cursor property. This can be exploited to cause a heap-based buffer
overflow. Some other vulnerabilities have also been reported, and the only solution
to the problem seems to be an upgrade to version 1.5.0.9 or 2.0.0.1.
TROJ_STRAT.IC
WORM_STRAT.HZ
TROJ_CLAGGE.AI
TROJ_STRAT.IB
TROJ_CLAGGE.AE
WORM_BAGLE.OF
TROJ_MDROPPER.EB
PHP_PBOT.A
JS_WONKA.AI
WORM_NUWAR.LG
Source: Trend Micro, Period: Dec 9 to Dec 18
New Vulnerability in Microsoft Windows Vista
A newly reported vulnerability in Microsoft Windows can be
exploited by malicious local users to gain escalated privileges. The vulnerability
is caused by a double-free error in the handling of HardError messages within
WINSRV.DLL. This may be exploited to execute arbitrary code under the CSRSS
process with SYSTEM privileges by setting the caption or text parameters of
the MessageBox() function to a string that starts with \??\.
The problem has been reported in Windows 2000 SP4, Windows Server 2003 SP1,
Windows XP SP1, Windows XP SP2, and Windows Vista. However, the only way to
avoid this problem is to grant access to trusted users only.
Symantec reports Trojan.Panddos
When Trojan.Panddos is executed, it copies itself as %System%\nsvc.exe. (Note:
%System% is a variable that refers to the System folder. By default this is
C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or
C:\Windows\System32 (Windows XP).) It then creates a file named %System%\dllhost32.dll.
A service is then created with Service Name www.ppandora.com,
Display Name www.ppandora.com and Path to Executable
%System%\nsvc32.exe. Two registry subkeys are then created for this
service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\www.ppandora.com
and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WWW.PPANDORA.COM.
The Trojan then injects code into the iexplore.exe process, thereby performing
Denial of Service (DoS) attacks. Finally, it downloads and executes files from
the Internet.
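The file, service and registry artifacts listed above can be turned into a host check. The following is an added example, not code from Symantec or from the original page; the inventory format (a dict of file paths, registry keys and service records), the function name and the sample host are constructed assumptions. Both nsvc.exe and nsvc32.exe are checked because the write-up names both.

```python
import ntpath

# Indicators as stated in the write-up; %System% expands to its listed defaults.
SYSTEM_DIRS = [r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32"]
FILE_NAMES = ["nsvc.exe", "nsvc32.exe", "dllhost32.dll"]
SERVICE_NAME = "www.ppandora.com"
REGISTRY_KEYS = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\www.ppandora.com",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WWW.PPANDORA.COM",
]

def _norm(value):
    """Case-fold a Windows path or registry key, drop quotes, expand HKLM."""
    p = ntpath.normpath(value.strip().strip('"')).lower()
    if p.startswith("hklm\\"):
        p = "hkey_local_machine\\" + p[5:]
    return p

FILE_IOCS = {_norm(ntpath.join(d, f)) for d in SYSTEM_DIRS for f in FILE_NAMES}
KEY_IOCS = {_norm(k) for k in REGISTRY_KEYS}

def find_panddos_artifacts(inventory):
    """Return sorted (kind, value) hits for one host inventory (hypothetical format)."""
    hits = set()
    for path in inventory.get("files", []):
        if _norm(path) in FILE_IOCS:
            hits.add(("file", path))
    for key in inventory.get("registry_keys", []):
        if _norm(key) in KEY_IOCS:
            hits.add(("registry", key))
    for svc in inventory.get("services", []):
        names = (svc.get("name", "").lower(), svc.get("display_name", "").lower())
        # Flag on the service name or on an executable path matching a file IoC.
        if SERVICE_NAME in names or _norm(svc.get("image_path", "")) in FILE_IOCS:
            hits.add(("service", svc.get("name", "")))
    return sorted(hits)

# Constructed sample inventory, not taken from a real host.
SAMPLE_HOST = {
    "files": [r"C:\WINDOWS\system32\NSVC.EXE", r"C:\Windows\System32\dllhost.exe"],
    "registry_keys": [r"HKLM\SYSTEM\CurrentControlSet\Services\www.ppandora.com"],
    "services": [
        {"name": "www.ppandora.com", "display_name": "www.ppandora.com",
         "image_path": r'"C:\WINDOWS\system32\nsvc32.exe"'},
        {"name": "Spooler", "display_name": "Print Spooler",
         "image_path": r"C:\Windows\System32\spoolsv.exe"},
    ],
}

if __name__ == "__main__":
    print(find_panddos_artifacts(SAMPLE_HOST))
```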
Sophos reports Rbot-FZD
W32/Rbot-FZD is a worm for the Windows platform. W32/Rbot-FZD runs continuously
in the background, providing a backdoor server which allows a remote intruder
to gain access and control over the computer via IRC channels. W32/Rbot-FZD
includes functionality to access the internet and communicate with a remote
server via HTTP.